Qpdf · Qpdf · CVE-2017-12595
**Name of the Vulnerable Software and Affected Versions**
QPDF versions 6.0.0 through 7.0.b1
**Description**
The tokenizer in QPDF is recursive for arrays and dictionaries. A PDF document with a deep data structure therefore allows remote attackers to cause a denial of service (stack consumption and a segmentation fault) or possibly have other unspecified impacts.
**Recommendations**
For QPDF versions 6.0.0 through 7.0.b1, consider restricting the parsing of deeply nested PDF structures to prevent potential denial of service attacks until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
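
One way to apply the restriction above is a heuristic pre-screen that measures array/dictionary nesting in the raw file before it reaches an affected QPDF version. This is an added example, not code from QPDF or from this advisory. The names `max_nesting_depth` and `is_too_deep` and the `MAX_DEPTH` threshold are assumptions, and the scan covers raw bytes only, not the decoded contents of compressed streams.

```python
MAX_DEPTH = 256  # assumed policy threshold; not a value taken from QPDF

def max_nesting_depth(data: bytes) -> int:
    """Deepest array/dictionary nesting in raw PDF bytes, found with a
    counter instead of recursion so the scan itself cannot overflow."""
    depth = deepest = i = 0
    n = len(data)
    while i < n:
        c = data[i]
        if c == 0x25:  # '%' comment runs to end of line
            while i < n and data[i] not in b"\r\n":
                i += 1
        elif c == 0x28:  # '(' literal string: nested parens, backslash escapes
            level, i = 1, i + 1
            while i < n and level:
                if data[i] == 0x5C:  # backslash: skip the escaped byte
                    i += 1
                elif data[i] == 0x28:
                    level += 1
                elif data[i] == 0x29:
                    level -= 1
                i += 1
        elif data.startswith(b"<<", i) or c == 0x5B:  # dictionary or array opens
            depth += 1
            deepest = max(deepest, depth)
            i += 2 if c == 0x3C else 1
        elif data.startswith(b">>", i) or c == 0x5D:  # dictionary or array closes
            depth = max(depth - 1, 0)
            i += 2 if c == 0x3E else 1
        elif c == 0x3C:  # '<' hex string ends at the next '>'
            end = data.find(b">", i)
            i = n if end < 0 else end + 1
        elif (depth == 0 and data.startswith(b"stream", i)
              and data[i + 6:i + 7] in (b"\r", b"\n")
              and not data[i - 1:i].isalnum()):  # standalone keyword only
            end = data.find(b"endstream", i)  # skip binary stream payload
            i = n if end < 0 else end + 9
        else:
            i += 1
    return deepest

def is_too_deep(data: bytes, limit: int = MAX_DEPTH) -> bool:
    """True when the file should be rejected before it is handed to QPDF."""
    return max_nesting_depth(data) > limit
```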